Commit Graph

3 Commits

Author: Ruben Groenewoud
SHA1: 473df70fbb
Date: 2026-01-07 15:55:06 +01:00
Message:
[Rule Tuning] Linux DR Tuning - 5 (#5494)

* [Rule Tuning] Linux DR Tuning - 5

* Fix query syntax for shared object detection rule

* Update defense_evasion_kernel_module_removal.toml

* Fix condition for process working directory check

* Refactor query in defense_evasion_symlink_binary rule

---------

Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>

Author: shashank-elastic
SHA1: 93ac471574
Date: 2025-09-01 20:42:42 +05:30
Message:
Monthly Schema Updates (#5046)

Author: Ruben Groenewoud
SHA1: a4a5b171c4
Date: 2025-08-25 10:31:25 +02:00
Message:
[New Rule] Multi-Base64 Decoding Attempt from Suspicious Location (#4931)

* [New Rule] Multi-Base64 Decoding Attempt from Suspicious Location

* ++

* Update rules/linux/defense_evasion_multi_base64_decoding_attempt.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

* Update rules/linux/defense_evasion_multi_base64_decoding_attempt.toml

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>